Hi all, I’m working with webMethods 9.10 fix level IS_9.10_Core_Fix5

I have a REST API call going from WM to the application with token authentication.
The get token always works and returns a valid token.
Then, when I send my request (GET or POST), once in a while, I’m starting to get the error “com.wm.net.NetException: [ISC.0064.9314] Authorization Required: Unauthorized”
Different URIs, different methods (to the same target application).
This behaviour persists until I “change” the request signature (for example change content type header to something else), or restart the IS server. After that, the requests go through and return expected response.

My service ACLs are set to “Execute ACL = Internal (inherited)” and I know the service runs under “Administrator” user. Also tried to set it to execute anonymous which didn’t help.

I’m guessing the server is caching somewhere the request signature and returns the error.

Any suggestions please?
Thank you

Hi @marinap

Is you Target URL a Load Balancer (LB) URL. Incase if your Target URL is a LB URL then perhaps in one of the Target Server nodes the Authentication is not set exactly as in the other node and hence you get this error intermittently when your request is redirected by the LB to that Server node.

It doesn’t happen via Postman while hapenning from WM IS server and it fails on same request that goes through via Postman with the same token value

Try to execute a Telnet Hostname port from the webMethods IS installed unix box and share the result.

Also share a screen shot of your service , request and error response.

Different URIs, different methods (to the same target application). - what do you meant by same target application?

Check how it works in postman?
verify the response headers coming to postman for response server details.
Is the error happening on to anyone/few response servers or for all?
check with target API application team, on what’s happening at their end when your request is failing.

There’s no LB and I believe it’s the WM IS throws the exception and the request doesn’t even reach the target applicaiton

Hi @marinap

Thanks for the information. In that case, is your design such that in your parent service there is a Condition check based on which different child Services are Invoked ( to say GET and POST data). And for one of the Child services the Authorization error is being thrown as it has a different ACL than the one defined or passed by the Parent Service.

Thank you for pointing me to the right direction. It was indeed an issue with the target application’s ingress service as I was able to see 401 in their logs.
That means it was reaching them